". . . when tested with Internet Explorer and the latest Flash player (version 10), the exploit silently drops a Trojan and works "as advertised". Another interesting thing I noticed is that the Trojan, which is downloaded in the second stage, is partially XOR-ed – the attackers probably did this to evade IDSes or AV programs scanning HTTP traffic. At the moment, the detection for both the exploit and the Trojan is pretty bad (only 7/41 for the Trojan, according to VirusTotal)."
- APSA09-03 - Security Advisory for Adobe Reader, Acrobat and Flash Player
- YA0D (Yet Another 0-Day) in Adobe Flash player